Search engines head for EU clash

Search engine companies may be set for a clash with European regulators over how long personal data related to searches should be retained.

By
Jeremy Kirk, IDG News Service
| Apr 08, 2008

| IDG News Service

Share

TwitterFacebookLinkedInGoogle Plus

Search engine companies may be set for a clash with European regulators over how long personal data related to searches should be retained.

A new report from the European Commission's Article 29 Data Protection Working Party recommends that personal search data should be discarded after six months, despite the fact most search companies are retaining data much longer.

The report looked at how data handling by search engines complies with European regulations such as the Data Protection Directive.

Search data can be used to build a profile of a person's interests, relations and intentions, even if some identifying information is removed, the report said. The collection of data en masse by search engines has considerable privacy implications, it said.

The report, available on the Web site of the Dutch Data Protection Authority, recommends that search engine data should be either deleted or irreversibly made anonymous after it no longer serves a purpose, a period that should not exceed six months.

Beyond that period, search engines "must demonstrate comprehensively that it is strictly necessary for the service," the report said.

Related

The report also rejected defences by search engine companies that longer data retention periods help improve the service or to better security.

"After the end of a search session, personal data could be deleted, and the continued storage therefore needs an adequate justification," the report said. " However, some search engines seem to retain data indefinitely, which is prohibited."

The data collected by search engines can include a host of details, including IP address, search terms, data and time of the search as well brand of browser, operating system and language used.

The report takes aim at some of the biggest Internet players such as Google, Yahoo and Microsoft.

Google said it had reacted to concerns over search data, saying it was the first company to anonymise its search logs. It also changed the expiry times of data files it places on PCs, known as cookies, which allow for example a person to stay logged in to a website or for the site to remember particular preferences.

"Protecting users' privacy is at the heart of all our products," said Peter Fleischer, Google's global privacy council, in a statement.

Yahoo said it was reviewing the working party's report, adding it is committed to providing clear comprehensive privacy policies. Microsoft could not be immediately reached for comment.

All three companies retain some search data longer than six months, which could eventually put them at odds with the Commission. The working party report will be used by the Commission as it studies data protection.